Skip to content
PricingDocs

Account Sharing Detection

Pinpoint when multiple people share a single account across different hardware.

The Problem

SaaS platforms lose 20-30% of addressable revenue to credential sharing — each shared seat is a conversion that registers as zero in your pipeline. The engineering challenge: distinguishing legitimate multi-device use (phone + laptop + tablet) from actual credential distribution across distinct users.

Our Solution

Track unique devices per account with Device Identification. Our persistent fingerprinting identifies different devices even when they share the same IP or use the same browser version.

Key Metrics

89%
Sharing Detection
23%
Subscription Revenue Lift
0.5%
False Flag Rate

How It Works

How tracio.ai detects account sharing across devices.

1

Device connects

Authenticated user accesses content or features on their account

2

Signals analyzed

tracio.ai records the device fingerprint and associates it with the user account

3

Threat blocked

Accounts exceeding device thresholds are flagged, throttled, or prompted to upgrade

1

Authenticated user accesses content or features on their account

2

tracio.ai records the device fingerprint and associates it with the user account

3

System tracks unique device count per account over a rolling time window

4

Accounts exceeding device thresholds are flagged, throttled, or prompted to upgrade

Before vs After

Without tracio.ai

HIGH RISK
  • Users share login credentials with friends, family, or resellers
  • Cookie-based device counting is trivially bypassed
  • Legitimate multi-device usage is falsely flagged as sharing
  • Revenue leakage from shared accounts grows unchecked

With tracio.ai

PROTECTED
  • Persistent device fingerprints count unique devices accurately
  • Fingerprints survive cookie clears, incognito mode, and browser changes
  • Geographic and temporal analysis distinguishes sharing from travel
  • Configurable thresholds let you set sharing policies per plan tier

Expected Results

89%
Sharing Detection
23%
Subscription Revenue Lift
0.5%
False Flag Rate
Real-time
Device Counting

Key Features

  • 01Device Identification unique device counting per account
  • 02IP Intelligence geographic anomaly detection
  • 03Concurrent session monitoring
  • 04device history and timeline
  • 05Configurable sharing thresholds
  • 06Geographic anomaly detection for impossible travel patterns
  • 07Device usage heatmaps per account
  • 08Configurable enforcement actions (warn, throttle, block)

Frequently Asked Questions

Real-World Scenario

A SaaS platform with per-seat licensing discovers that a single enterprise account is being used by 23 different people. The credentials are shared in a company wiki, and each employee accesses the platform from their own laptop. IP-based detection fails because most users are behind the same corporate VPN. tracio.ai traces 23 distinct device fingerprints — each with a unique canvas hash, WebGL renderer string, and hardware profile — all linked to the same account, providing definitive evidence of seat limit violations that IP analysis alone would miss.

Implementation Guide

Step-by-step integration with tracio.ai

01

Deploy the tracio.ai SDK across all authenticated pages to continuously trace devices throughout the user session, not just at login

02

Build a device-per-account counter: store the mapping between device trace IDs and account IDs, tracking unique devices over a rolling 30-day window

03

Define sharing thresholds per plan tier — for example, 2 devices for Individual, 5 for Team, 10 for Enterprise — and configure alerting when thresholds are approached

04

Implement graduated enforcement: warn users at 80% of their device limit, throttle at 100%, and prompt an upgrade or device deauthorization at 120%

05

Use geographic signal correlation to distinguish sharing from legitimate travel — simultaneous sessions from different continents on different hardware indicate sharing, not travel

Expected Timeline

Week 1

Device-per-account mapping begins populating. Accounts with obvious sharing patterns (10+ unique devices) surface immediately. No enforcement yet — monitoring only.

Month 1

Sharing detection accuracy reaches 89% with false flag rates under 0.5%. Graduated enforcement begins: sharing accounts receive upgrade prompts. Subscription conversion from shared accounts starts generating incremental revenue.

Month 3

23% subscription revenue lift from converted shared accounts. Device limits are enforced consistently across all plan tiers. Legitimate multi-device users experience no friction.

Common Mistakes to Avoid

01

Setting device limits too low for the plan tier — legitimate users with a phone, tablet, and laptop already use 3 devices, so Individual plans should allow at least 3

02

Counting devices without a rolling window — a user who replaces their laptop should not be penalized for the old device; use a 30-day rolling window with device decay

03

Blocking accounts immediately instead of using graduated enforcement — abrupt blocking creates support tickets and churn; warn, throttle, then prompt upgrades

Related Resources

Related Use Cases

Payment Fraud Prevention

Catch fraudulent transactions before they clear by recognizing returning fraudsters across sessions.

Learn more

Account Takeover Protection

Flag login attempts from unrecognized devices before attackers gain access.

Learn more

Credential Stuffing Prevention

Shut down automated login attacks that test stolen credential databases against your endpoints.

Learn more

Ready to start preventing account sharing? Start your free trial or book a demo. No credit card required.